fix: Parsing X-Forwarded-IP

motoki317 · motoki317 · commit 5d858cbafb41 · 2025-08-26T16:44:39.000+09:00
diff --git a/internal/config.go b/internal/config.go
@@ -287,7 +287,12 @@ func (c *Config) setupProvider(name string) error {
 	return nil
 }
 
-func (c *Config) IsIPAddressAuthenticated(address string) (bool, error) {
+func (c *Config) IsIPAddressAuthenticated(addresses string) (bool, error) {
+	// Check only the right-most address to be safe
+	split := strings.Split(addresses, ",")
+	address := split[len(split)-1]
+	address = strings.TrimSpace(address)
+
 	addr := net.ParseIP(address)
 	if addr == nil {
 		return false, fmt.Errorf("invalid ip address: '%s'", address)
diff --git a/internal/config_test.go b/internal/config_test.go
@@ -423,13 +423,15 @@ trusted-ip-addresses:
 	assert.NoError(err)
 
 	table := map[string]bool{
-		"1.2.3.3":      false,
-		"1.2.3.4":      true,
-		"1.2.3.5":      false,
-		"192.168.1.1":  false,
-		"30.1.0.1":     true,
-		"30.1.255.254": true,
-		"30.2.0.1":     false,
+		"1.2.3.3":           false,
+		"1.2.3.4":           true,
+		"1.2.3.5":           false,
+		"192.168.1.1":       false,
+		"30.1.0.1":          true,
+		"30.1.255.254":      true,
+		"30.2.0.1":          false,
+		"30.2.0.1, 1.2.3.4": true,
+		"1.2.3.4, 30.2.0.1": false,
 	}
 
 	for in, want := range table {
